Passwordwall plugin
Project description
# Passwordwall
This puts your Plone site behind a login, without actually logging in a Plone user.
## Use case
This is intended for use on public websites, so “Published” in Plone workflow terminology, where you want to restrict access because the site isn’t meant to be open to the public yet.
It enables people to view the site as as an anonymous user (in the Plone sense), so without having to log in into Plone.
It is not intended for intranets, and other sites where login is required anyway. In that case, this product is either not necessary, or you’re better off using iw.rejectanonymous.
### Plain text
The site password is stored internally as plain text. Do not use your personal super secure password here, because we intended it to be used by several people.
The password should be easy to look up and communicate, which is why we store it in plain text.
If you have a different use case for this product where you want a different behaviour: We do welcome pull requests!
## Alternatives
You might also achieve this with: - web server Basic Auth - IP restriction
But if your hosting setup is such that that isn’t an option, this package might help.
## How to use
Go to the Plone control panel, to the “Security” tab.
You will see a checkbox “Site behind password”. Check it to activate the passwordwall. This means users will need to supply credentials before they can use the site.
Users that are already logged in as Plone users are not asked for credentials.
The password can be set by the “Password” field. This is what people have to type in the “password” box in the dialog to get access.
### Picking a password
It’s recommended to not use dictionary words as is, nor should you use other well known phrases as passwords. This is because their MD5 hashes (which we store as the cookie value) would easily reveal the password. Just mixing in a couple of numbers or other characters should make for a fine password. Try it on https://isc.sans.edu/tools/reversehash.html if you’re not sure.
### Changing the password
When you change the password, existing cookies will be invalid, because the password hash changed. People without Plone accounts (or who are logged out from Plone) will be forced to re-enter the credentials.
## Thank you
Ingeniweb for iw.rejectanonymous, some of whose code this product copied. All spelling mistakes are also their fault.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for collective.passwordwall-0.1a1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | a8a479a31def782d144e47f51edf77386f03d1108bc97824e0880f5ea64ad7c0 |
|
MD5 | e49b2adfca1182a97ade7d032523f882 |
|
BLAKE2b-256 | 412fc1b9038e002e229bc9cbee72187c94605c261bc120c28427c3a40c913e4e |